[Logcheck-devel] Bug#353962: Re: Bug#353962: integrate courier file in logcheck-database
Chris Boot
crb at tiger-computing.co.uk
Mon Jan 27 18:02:42 UTC 2014
Control: reassign -1 src:courier
Control: retitle -1 incorporate logcheck snippets
Dear maintainer,
Logcheck is a package to filter system log events for the administrator.
Its aim is to remove chatter from the log files, leaving only the events
that the administrator needs to deal with. Filtering is for display
only, leaving the original log file intact for later reading.
Please ship snippets for consumption by the logcheck package. Logcheck
will stop shipping snippets for your package in the future, so it's
important that your package takes over these files.
If you use debhelper or CDBS, this is very simple:
1. provide your snippets in debian/<package>.logcheck.<type>
where <type> is one of the following:
violations
violations.ignore
ignore.workstation
ignore.server
ignore.paranoid
2. add a call to dh_installlogcheck in debian/rules, if you use
debhelper without the automatic sequencer
3. add a versioned Breaks: logcheck-database (<= 1.3.16~) to your
control file
Please allow 7 days before uploading a package including these changes;
this is to give time for a superseding logcheck package to be prepared.
For your convenience, the current snippets (if any) are attached.
For further information, please see README.Maintainers in the logcheck
package.
Please note we are aware that courier currently ships a number of its
own logcheck snippets (the above text is boilerplate). The
logcheck-database package will soon stop shipping
ignore.d.server/courier, so please incorporate any portions of that that
are still required into your own shipped logcheck files. In addition,
you may like to use dh_installlogcheck rather than adding them to .files
and special handling in debian/rules.
Best regards,
Chris
--
Chris Boot
Tiger Computing Ltd
"Linux for Business"
Tel: 01600 483 484
Web: http://www.tiger-computing.co.uk
Follow us on Facebook: http://www.facebook.com/TigerComputing
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
Wyastone Leys, Monmouth, NP25 3SR
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[[:digit:]]+)?(, starttls=[01])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+(, time=[[:digit:]]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?(, protocol=IMAP)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Unexpected SSL connection shutdown\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): couriertls: read: Connection (reset by peer|timed out)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+, rcvd=[[:digit:]]+, sent=[[:digit:]]+, time=[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, time=[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, command=(CAPABILITY|AUTHENTICATE|LOGIN)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, username=[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
More information about the Logcheck-devel
mailing list